Top (Cyber) Podcast Tip: ‘Weird’ Is What You Want on Threat Intel Teams

Threat intelligence teams sometimes get a bad rap.

They can come off as “weird security voyeurs,” tracking the exploits of cybercriminals across the globe but not offering the data they collect in any kind of actionable way. Which does little for chief information security officers (CISOs), or the boards they serve, and even less for the customers and workers at an enterprise they’re engaged to protect.

Microsoft’s Sherrod DeGrippo knows how to make threat intelligence actionable. As for that other thing? Well, don’t discount the value of weirdness in this field.

The future of IT and security is autonomous. But most organizations don’t know which manual processes are easy to eliminate. This is where you start.

“I am a weird security voyeur,” she proclaims on a newly released episode of our podcast, Let’s Converge. In fact, she proudly posts that WSV moniker at the top of her LinkedIn profile. Technically, she’s Microsoft’s director of threat intelligence strategy, and her resume is packed with other impressive bona fides from more than two decades in cybersecurity, with roles at Proofpoint, Symantec, SecureWorks, and the National Nuclear Security Administration.

But don’t tune in to this episode because of that, or her accolades – 2022’s Cybersecurity Woman of the Year, among others. Tune in to hear DeGrippo explain, like few others can, why weird – reveling in the odd patterns or anomalies in cyber activity you spot and can’t quite explain, and digging in and tracking those patterns, which may lead nowhere but, hey, you can’t quite let it go because, well, there’s just something weird about it that makes your brain itch – is actually an asset in the increasingly essential field of threat intelligence.

If you’re a CISO building a threat intel team or an enterprise leader funding one, you want that quality. You seriously want weird.

This week, we ask: How do you lead a threat intel team, and how can AI help?

The trick to getting the most out of AI is to use AI – and at every opportunity, says DeGrippo.

I am a weird security voyeur.

She hit her inflection point about a year ago, when a boss pointed out that she wasn’t using AI as often as she could be. He meant for work, but she realized in order to do that she needed to go all in. She now uses AI for a host of formerly time-consuming tasks, from grocery lists to threat intel reports. (Microsoft Copilot for Security, with its easy-to-use natural-language capacity, helps her tally the TTPs [tactics, techniques, and procedures] used in a given threat actor’s arsenal.) It’s a matter of getting yourself in the habit of turning to AI first for the mindless busy work in your day, she says, rather than trying to do it yourself.

“The people who are faster at that thought process will be more successful.”

This rang true for Melissa Bischoping, a co-host on Let’s Converge and director of endpoint security research at Tanium (a leading innovator in cybersecurity solutions and publisher of this magazine). “I am the queen of using AI to help me build an outline for a conference presentation,” she says. “I’ve got this dump of bullet-point ideas that I have brainstormed. Help me make this make sense. Give me structure. I don’t need you to write my presentation for me, but I need you to help me get there.”

[Read also: Here’s your ultimate guide to AI cybersecurity – benefits, risks, and rewards]

Ultimately, both women concur, AI can speed up any process (whether you’re enlisting it for threat intel, a conference presentation, or a grocery list). Still, humans will need to remain in the loop to assess and oversee what the AI spits out. And having a diverse team, from varied backgrounds – DeGrippo studied fine art in college, Bischoping came to security after stints in retail, real estate, and aviation – will make that oversight all the stronger.

“People come from all over,” says DeGrippo. “Ultimately, I think if you have a security sense, then we can find something for you to do. You want to be nervous and weird with us? We’ll give you tasks.”

LISTEN TO MORE

By tuning in to Let’s Converge, you’re joining a community of like-minded individuals who are passionate about cybersecurity. We’ll drop a fresh episode every week – and at just 20 minutes or so, it’s easy to stay informed without hours of listening.

• Ep. 13: Do You Need to Hire a Chief AI Officer? – Tanium’s Mike Curran, vp of global talent, talks with CDO Club founder and chief AI officer expert David Mathison about the responsibilities of the role, the hierarchy in the C-suite, and why you can’t trust half of the chief AI officers listed on LinkedIn.
• Or check out our gallery of earlier episodes here – Informative and provocative discussions about data privacy (why it pays to take it seriously), ChatGPT (the hype and the hope), automation (security’s best kept secret), ransomware negotiation (to pay or not to pay), and much, much more.